发布时间 :2017-05-25 13:29:00
修订时间 :2017-06-07 09:33:24

[原文]A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.


[机译]Google 翻译(企业版):

- CVSS (基础分值)

CVSS分值: 4 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]

- CWE (弱点类目)

CWE-22 [对路径名的限制不恰当(路径遍历)]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD

- 其它链接及资源

- 漏洞信息

Multiple Pivotal Products CVE-2015-1834 Directory Traversal Vulnerability
Input Validation Error 98691
Yes No
2017-05-25 12:00:00 2017-05-25 12:00:00
Swisscom / SEC Consult.

- 受影响的程序版本

Pivotal Cloud Foundry Runtime 207
Pivotal Cloud Foundry Elastic Runtime 1.4.2
,Pivotal Cloud Foundry Runtime 208
Pivotal Cloud Foundry Elastic Runtime 1.4.3

- 不受影响的程序版本

Pivotal Cloud Foundry Runtime 208
Pivotal Cloud Foundry Elastic Runtime 1.4.3

- 漏洞讨论

Multiple Pivotal Products are prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information and modify arbitrary files. This may aid in further attacks.

The following versions are vulnerable:

Cloud Foundry Runtime cf-release version 207 and prior and
Cloud Foundry Elastic Runtime versions prior to 1.4.2.

- 漏洞利用

Attackers can exploit this issue using browser or readily available tools.

- 解决方案

Updates are available. Please see the references or vendor advisory for more information.

- 相关参考